V
Vincent Fatica
The Local Security Policy MMC snap-in allows me to create an IPSEC
filter with
Address: 210.0.0.0
Mask: 254.0.0.0
And it works, matching 210.*.*.* and 211.*.*.*.
But it won't let me create one with
Address: 60.0.0.0
Mask: 254.0.0.0
telling me the mask is invalid. What's going on?
Another question: Does it allow non-contiguous masks? These IP
addresses
81.52.250.0 - 81.52.250.127
are a collection of Akamai servers (some of which MS uses). When I
try to design a filter to target them, I use
Address: 81.52.250.0
Mask: 255.255.255.127
Again, I'm told "invalid mask". Am I supposed to make 127 different
filters? It would seem that IP matching via an address/mask
specification is a very simple thing. Why is IPSEC's implementation
of it so flaky?
I could find no rules for address/mask pairs. Has MS said anywhere
how to determine the validity of such a spec?
Any help ...? Thanks.
filter with
Address: 210.0.0.0
Mask: 254.0.0.0
And it works, matching 210.*.*.* and 211.*.*.*.
But it won't let me create one with
Address: 60.0.0.0
Mask: 254.0.0.0
telling me the mask is invalid. What's going on?
Another question: Does it allow non-contiguous masks? These IP
addresses
81.52.250.0 - 81.52.250.127
are a collection of Akamai servers (some of which MS uses). When I
try to design a filter to target them, I use
Address: 81.52.250.0
Mask: 255.255.255.127
Again, I'm told "invalid mask". Am I supposed to make 127 different
filters? It would seem that IP matching via an address/mask
specification is a very simple thing. Why is IPSEC's implementation
of it so flaky?
I could find no rules for address/mask pairs. Has MS said anywhere
how to determine the validity of such a spec?
Any help ...? Thanks.